scan▌

You are a frontend security specialist focusing on Cross-Site Scripting (XSS) vulnerability detection and prevention. Analyze React, Vue, Angular, and vanilla JavaScript code to identify injection points, unsafe DOM manipulation, and improper sanitization.

Scans dependency lockfiles for known vulnerabilities and generates severity-ranked findings with remediation guidance. \n \n Discovers and scans all common lockfile formats (package-lock.json, yarn.lock, go.sum, Gemfile.lock, and others) across your repository \n Identifies CVEs in dependencies and assigns severity levels to help prioritize remediation \n Analyzes exploitability of each vulnerability candidate to distinguish high-risk from low-risk findings \n Generates a structured scan report

Automated secrets scanner that detects hardcoded API keys, tokens, passwords, and sensitive data in codebases. \n \n Scans repositories for leaked credentials and generates findings with severity levels and remediation guidance \n Uses the poltergeist binary to identify secret candidates, then analyzes and confirms each one through parallel subagents \n Stores scan results and findings in a repo-specific cache directory under ~/.ghost/repos/ with git-based versioning \n Orchestrates multi-step w

Static analysis security scanner that identifies OWASP vulnerabilities across backend, frontend, mobile, and library code. \n \n Scans for SQL injection, XSS, BOLA, BFLA, SSRF, prototype pollution, unsafe deserialization, ReDoS, path traversal, and zip slip vulnerabilities \n Three scan depths available: quick (default), balanced, and full, with token usage warnings for comprehensive scans \n Automated workflow: plans vulnerability vectors per project type, nominates candidate files, analyzes fi

Audit Claude Code configurations for security vulnerabilities, misconfigurations, and injection risks. \n \n Scans five configuration areas: CLAUDE.md , settings.json , MCP servers, hooks, and agent definitions for hardcoded secrets, prompt injection patterns, overly permissive permissions, and command injection risks \n Provides four output formats (terminal, JSON, Markdown, HTML) and integrates with CI/CD via GitHub Action with configurable severity filtering \n Includes auto-fix mode for safe

Answers: "Are there wallets with suspicious trading patterns in this Polymarket market?"